Financial Services
AI agents in finance require strict controls around data handling, API access, and auditability.
Requirements
- Rate-limited access to trading APIs
- PII isolation from third-party services
- Human approval for high-value transactions
- Audit trail for SOX/GDPR compliance
Example: Trading Assistant
```yaml
schema_version: "1.0"
name: trading-assistant
version: "1.0.0"
publisher: fintech-corp

capabilities:
  - name: market-data
    description: Read market prices
    api:
      method: GET
      url_pattern: "https://api.exchange.com/v1/quotes/**"
    rate_limit:
      requests_per_minute: 600
    taint_labels: [market_data]

  - name: place-order
    description: Execute trades
    api:
      method: POST
      url_pattern: "https://api.exchange.com/v1/orders"
    rate_limit:
      requests_per_minute: 10
      burst: 2
    requires_approval:
      threshold: always
      timeout_seconds: 120
      default_on_timeout: deny
    secret_headers:
      Authorization: "Bearer ${EXCHANGE_API_KEY}"

  - name: llm-analysis
    description: AI market analysis
    api:
      method: POST
      url_pattern: "https://api.openai.com/v1/chat/completions"
    rate_limit:
      requests_per_minute: 30
    secret_headers:
      Authorization: "Bearer ${OPENAI_API_KEY}"

taint_rules:
  - name: no-pii-to-llm
    deny_flow:
      from_labels: [customer_pii]
      to_capabilities: [llm-analysis]

secrets:
  - name: EXCHANGE_API_KEY
    required: true
  - name: OPENAI_API_KEY
    required: true
```
Controls
| Requirement | Hull0 Feature |
|---|---|
| Rate-limited trading | rate_limit on place-order |
| PII protection | taint_rules blocking PII to LLM |
| Transaction approval | requires_approval: always |
| Audit trail | Hash-chained audit log |
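
To show what the `no-pii-to-llm` rule has to enforce, here is an added sketch of label propagation and a `deny_flow` check; it is not Hull0's implementation. The `Tainted`, `combine` and `check_flow` names are hypothetical, the sample values are constructed, and it assumes some upstream source has already attached the `customer_pii` label.

```python
# Added illustration; not Hull0's own code. All names here are hypothetical.
from dataclasses import dataclass

# Rule copied from the manifest's taint_rules section.
TAINT_RULES = [
    {"name": "no-pii-to-llm",
     "deny_flow": {"from_labels": ["customer_pii"],
                   "to_capabilities": ["llm-analysis"]}},
]

@dataclass(frozen=True)
class Tainted:
    """A value plus the set of taint labels it has accumulated."""
    value: str
    labels: frozenset = frozenset()

def combine(template: str, *parts: Tainted) -> Tainted:
    """Derived data inherits the union of its inputs' labels, so PII
    stays labelled after it is formatted into a larger prompt."""
    labels = frozenset().union(*(p.labels for p in parts))
    return Tainted(template.format(*(p.value for p in parts)), labels)

def check_flow(payload: Tainted, capability: str, rules=TAINT_RULES):
    """Return (allowed, rule_name). Deny when a label on the payload matches
    a deny_flow rule whose to_capabilities includes this capability."""
    for rule in rules:
        flow = rule["deny_flow"]
        if capability in flow["to_capabilities"] and \
                payload.labels & set(flow["from_labels"]):
            return False, rule["name"]
    return True, None

# Constructed sample data: a quote labelled as in the manifest, and a
# customer record assumed to carry the customer_pii label.
quote = Tainted("ACME 101.25", frozenset({"market_data"}))
customer = Tainted("Jane Doe, acct 0000", frozenset({"customer_pii"}))

market_prompt = combine("Summarise the trend for {0}", quote)
mixed_prompt = combine("Should {1} buy given {0}?", quote, customer)

if __name__ == "__main__":
    print(check_flow(market_prompt, "llm-analysis"))
    print(check_flow(mixed_prompt, "llm-analysis"))
```

The mixed prompt is denied even though it also carries `market_data`: one denied label on the payload is enough to block the flow.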